Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have three separate but related questions. Perhaps they belong in Programming, but it is Linux- and security- specific, so I thought here would be a good place.
Is there any way for an application to request that it's memory space never be sent to swap. For instance, say I write an encryption-related application that must store plaintext in memory. I wouldn't want that to get swapped, as that leaves it somewhat vulnerable. In this case I would rather the kernel rudely kill my process than swap it.
The second question is, does the kernel ever swap any part of itself? I would imagine not, but I suppose what I'm asking is, would it work as a dirty hack to simply move the code into kernel-space?
And the final question: assuming that an application can't request to be swapped, how difficult would it be to implement that into the kernel? I'm imagining that would require digging into the guts of the kernel's memory management and process management, so pretty difficult. However, I have never even touched kernel development, so could someone clue me in to exactly the level of impracticality in implementing that?
I would look at the mlock() call. It does exactly what you want. Be careful not to lock too much memory, of course... I would only lock parts that MUST be secure.
A friend who's a computer security academic suggested that both (i) locking memory and (ii) encrypting swap space were problematic: (i) because any selfish program could make itself run faster by preventing itself swapping at the expense of forcing others to swap more and (ii) because you have the possibility of accidentally encrypting the swap space key and therefore losing the ability to decrypt swap. Perhaps he was being too pessimistic...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
